Background: While capturing packets I often find that the payload has been encrypted into a jumble of upper- and lowercase letters mixed with some '+' and '/' characters, followed by two '=' signs at the end, which often leads people to assume it is merely base64 encoding. (I regret not paying more attention in the cryptography course at university.) It was only by chance, while studying AV-evasion webshell code found on GitHub, that I came to know this encryption scheme; the gap between people in this industry is not small.
Introduction: RC4 is characterised by a simple algorithm and fast execution. Its key length is variable, from 1 to 256 bytes (8 to 2048 bits). With the technology available today, brute-force searching a 128-bit key is no longer practical, so it is foreseeable that RC4's key space will continue to resist brute-force key search for a considerable time to come. In fact, no effective attack on RC4 with a 128-bit key has been found so far.
Main text
========================================
Data in a format like the following:
ySo7K1EC+OcYZ1EVu5DOxhU0gyDHzKW99O+iv02Gcbf/xxxJPbTkoW0GmAYEOPUuHXtR8APvmc1JEA5gixASLF/qphCZ64BxfO/2Qlw933WvLpKBhU4E6Z+r+jNz2Sw8MBOVKUzlqSm9BTUIdDw9i554fXwMkoqar9qbbCllfQMGI+s6Slo75+x4gBBsmfvJwwKF8RSUc/bXHbQQgfywcMSWMDrJ7aGSVXrNCUyXJy+Me9fpyrjw2+j6In9rVNfbaljKWsF9jro9HJXCdLc0eB0VDt3OSzqYY5gcQngE7n8qtVP9UAbaXCb2v8OzZ51wLC3OknMl1fIKC5VTVAFZj8jviS3ihLrP19/wiUuuvkEkf3oOqf9RSZe8VFXDAeKdclrN9S9yt5bJ0MxnlXgqb+aGWrBURVE3RBsaJXOHW4szqG+/YkkX4YuZzL9yMof7Tk9uIAq4D12880ptuwcugT+gJOpt62HPl5DEiseqR2yOURHUEpZGqtcjcWadwNf+9jl5Q==
This was encountered by chance in a packet capture; the actual plaintext is unknown. Even now I am not entirely sure it is this cipher. Below, the encryption and decryption process is implemented in Python. Many languages could be used, but the core code is the same; some parts have been modified. Here the relevant part of that AV-evasion code is extracted to implement encryption and decryption.
Encryption code (Python 2):
import hashlib, base64

# Sample plaintext used for the test (the variable name "date" is the author's; it holds the data to encrypt)
date = "username=admin,password=admin,111111111111,fsdfsanfjaaaa,aaaaa111=aaaaaa,111aaaaa111,2424,fffffffaaaaaaaaaaaaaaaaabbCCSSSSSSSSSSSSSAAAAAAAAAAAGGGGGGGGGGGGsd11111,dDAASFASDFS,1111,2222222222222,55555555555,1fasdfasfsddfdsadfdsfdssdcd"

def rc4(text, key):
    # The RC4 key is the 32-character hex MD5 digest of the password, not the raw password
    key = hashlib.md5(key).hexdigest()
    result = ''
    key_len = len(key)
    # Key-scheduling algorithm (KSA): initialise the S-box and permute it with the key
    box = list(range(256))
    j = 0
    for i in range(256):
        j = (j + box[i] + ord(key[i%key_len]))%256
        box[i],box[j] = box[j],box[i]
    # Pseudo-random generation algorithm (PRGA): XOR each plaintext byte with a keystream byte
    i = j = 0
    for element in text:
        i = (i+1)%256
        j = (j+box[i])%256
        box[i],box[j] = box[j],box[i]
        k = chr(ord(element) ^ box[(box[i]+box[j])%256])
        result += k
    # Base64-encode the raw ciphertext so it is printable (hence the '+', '/' and '=' seen in captures)
    result = base64.b64encode(result)
    return result

key = "abcd7788"
a = rc4(date,key)
print a
Decryption code (Python 2):
import hashlib, base64

def rc4(text, key):
    # Same key derivation as on the encryption side: hex MD5 digest of the password
    key = hashlib.md5(key).hexdigest()
    # Undo the base64 layer first to recover the raw RC4 ciphertext
    text = base64.b64decode(text)
    result = ''
    key_len = len(key)
    # KSA
    box = list(range(256))
    j = 0
    for i in range(256):
        j = (j + box[i] + ord(key[i%key_len]))%256
        box[i],box[j] = box[j],box[i]
    # PRGA: RC4 is symmetric, so XORing with the same keystream decrypts
    i = j = 0
    for element in text:
        i = (i+1)%256
        j = (j+box[i])%256
        box[i],box[j] = box[j],box[i]
        k = chr(ord(element) ^ box[(box[i]+box[j])%256])
        result += k
    return result
Combining the two pieces of code, and checking after the encrypt/decrypt round trip whether the recovered plaintext matches the original:
# -*- coding: utf-8 -*-
import hashlib, base64

# Sample plaintext used for the round-trip test
date = "username=admin,password=admin,111111111111,fsdfsanfjaaaa,aaaaa111=aaaaaa,111aaaaa111,2424,fffffffaaaaaaaaaaaaaaaaabbCCSSSSSSSSSSSSSAAAAAAAAAAAGGGGGGGGGGGGsd11111,dDAASFASDFS,1111,2222222222222,55555555555,1fasdfasfsddfdsadfdsfdssdcd"

def rc4(text, key):
    # Encrypt: RC4 keyed with the hex MD5 digest of the password, then base64-encode
    key = hashlib.md5(key).hexdigest()
    result = ''
    key_len = len(key)
    # KSA
    box = list(range(256))
    j = 0
    for i in range(256):
        j = (j + box[i] + ord(key[i%key_len]))%256
        box[i],box[j] = box[j],box[i]
    # PRGA
    i = j = 0
    for element in text:
        i = (i+1)%256
        j = (j+box[i])%256
        box[i],box[j] = box[j],box[i]
        k = chr(ord(element) ^ box[(box[i]+box[j])%256])
        result += k
    result = base64.b64encode(result)
    return result

key = "abcd7788"
a = rc4(date,key)

def rc4_jie(text, key):
    # Decrypt ("jie" = 解): base64-decode, then run the same RC4 keystream over the ciphertext
    key = hashlib.md5(key).hexdigest()
    text = base64.b64decode(text)
    result = ''
    key_len = len(key)
    # KSA
    box = list(range(256))
    j = 0
    for i in range(256):
        j = (j + box[i] + ord(key[i%key_len]))%256
        box[i],box[j] = box[j],box[i]
    # PRGA
    i = j = 0
    for element in text:
        i = (i+1)%256
        j = (j+box[i])%256
        box[i],box[j] = box[j],box[i]
        k = chr(ord(element) ^ box[(box[i]+box[j])%256])
        result += k
    return result

b = rc4_jie(a,key)
# Verify that decrypting the ciphertext gives back the original plaintext
if date == b:
    print "success"
    print date
    print a
    print b
else:
    print "fail"
Screenshot of the run: